Security Alerts and Updates

Latest Security Updates for Apple Software
Latest Security Tests from AV-Comparatives

March 2021 (Click listings for more information).
06  Samsung fixes critical Android bugs in March updates.
05  The Week in Ransomware – Targeting service providers.
05  Surface Laptop 1 & 2 get new firmware & driver updates.
05  Google’s aim to replace browser cookies with ‘FLoC’ criticized.
05  FTC and 38 states takedown a charity robocall operation.
04  Supermicro, Pulse Secure release fixes for ‘TrickBoot’ attacks.
04  PowerToys 0.33.1 out with a bunch of new features & fixes.
04  Edge gets tab enhancements & improved performance.
04  Hijacking traffic to Microsoft’s with bit flipping.
04  Microsoft is cracking down on Excel macro malware.
03  Win10 ‘Known Issue Rollback’ auto-fixes update bugs.
03  Unpatched bug in WiFi Mouse app opens PCs to attack.
03  GRUB2 boot loader reveals multiple vulnerabilities.
03  US warns of Social Security scams using fake federal IDs.
03  Microsoft starts installing Win10 20H2 on more devices.
03  Cash App phishing kit deployed in the wild.
02  March Office non-Security Updates are now available.
02  Google fixes the second Chrome zero-day bug this year.
01  Windows and Linux Spectre exploits found on VirusTotal.
01  Passwords, private posts exposed in Gab social network.

February 2021 (Click listings for more information).
28  This Week in Security – by Zack Whittaker.
27  Weekend task: Check your DNS – by Susan Bradley.
26  The Week in Ransomware – Back from the Holidays.
26  Cryptocurrency scammers hack verified Twitter accounts.
26  T-Mobile discloses data breach after SIM swapping attacks.
26  Chrome will soon use HTTPS by default.
25  Intel wireless driver updates fix Win10 blue screen issues.
25  macOS 11.2.2 Big Sur is out with a fix for USB Type-C hubs.
24  Win10 gets combined LCU/SSU update in public release.
24  Tax season ushers in Quickbooks data-theft spike.
24  Federal Reserve outage impacts US banking system.
24  Google funds Linux maintainers to boost Linux security.
24  Microsoft releases Windows 10 build 19042.844 with fixes.
23  LinkedIn is down for many, and we are not sure why.
23  Google adds Password Checkup support to Android autofill.
23  Firefox 86 increases privacy with Total Cookie Protection.
23  10K Microsoft email users hit in FedEx phishing attack.
22  Assume Clubhouse conversations are being recorded.
22  SHAREit fixes security bugs in app with 1 billion downloads.
22  Telegram for Win10 update brings a new privacy feature.
22  Stored XSS bug in Apple iCloud domain disclosed.
21  This Week in Security – by Zack Whittaker.
21  Windows 10 Sun Valley ’21H2′ update: What we know so far.
21  Google Alerts abused to push fake Adobe Flash updater.
20  Weekend task: it’s Squirrel away time – by Susan Bradley.
20  Kroger data breach exposes pharmacy and employee data.
20  Recent Windows zero-day actively exploited since mid-2020.
19  Malformed URL prefix phishing attacks spike 6,000%.
19  Mysterious Silver Sparrow malware found on 30K Macs.
19  CIS offers free ransomware protection to all US hospitals.
19  Brave bug exposes Tor onion URLs to your DNS provider.
19  Surface Duo gets an Android security patch, and more.
18  Hackers abuse Google Apps Script to steal credit cards.
18  Telephony denial-of-service attacks can lead to loss of lives.
18  Mac malware targets Apple’s in-house M1 processor.
18  A second Windows SSU pulled for blocking security updates.
17  Windows, Linux devices hijacked in cryptojacking campaign.
17  Microsoft force installs Win10 update to remove Flash Player.
17  Tracker pixels in emails are an ‘endemic’ privacy concern.
17  Google Releases Security Updates for Chrome.
16  Windows 10 updates released for versions 1909 and 1809.
16   Win10 Secure Boot update triggers BitLocker key recovery.
16  Misconfigured baby monitors allow unauthorized viewing.
16  Exploited browser zero-day to redirect users to scams.
16  Windows KB4601392 pulled for blocking security updates.
15  Security bugs in Android app with one billion downloads.
14  This Week in Security – by Zack Whittaker.
14  Major browsers getting this Intel security feature.
14  Weekend task: Windows backup – by Susan Bradley.
12  The Week in Ransomware – More keys released.
12  Scammers target US tax pros in IRS phishing attacks.
12  ‘Annoyingly believable’ tax scam targets mobile users.
12  Gmail users from the US most targeted by phishing attacks.
11  Valentine’s Day malware attack mimics flower, lingerie stores.
11  Internet Explorer 11 zero-day vulnerability gets micropatch.
11  Windows Defender bug gives hackers admin rights.
11  Emergency fix released for Windows 10 WiFi crashes.
10  FBI warns about using TeamViewer and Windows 7.
10  Microsoft now forces secure RPC to block Zerologon attacks.
10  Intel squashes high-severity graphics driver flaws.
10  Microsoft Office updates patch Sharepoint, Excel RCE bugs.
10  Windows 10 bug letting attackers trigger BSOD crashes fixed.
09  Apple fixes SUDO root privilege escalation flaw in macOS.
09  Patch Tuesday: Here’s what’s new for Windows 7 and 8.1.
09  Microsoft urges customers to patch Windows TCP/IP bugs.
09  Win10 Cumulative Updates KB4601315 & KB4601319 released.
09  Microsoft February Patch Tuesday fixes 56 flaws, 1 zero-day.
09  Adobe fixes critical Reader vulnerability exploited in the wild.
09  Recent Windows 10 gaming issues caused by Discord bug.
08  Microsoft: Keep your guard up even after Emotet’s disruption.
08  Android app that started sending malware to users removed.
08  iPhone 12 feature can disrupt implantable medical devices.
08  Big jump in RDP attacks on staff working from home.
07  This Week in Security – by Zack Whittaker.
07  Phishing attack uses Morse code to hide malicious URLs.
06  Tasks for the weekend – by Susan Bradley.
06  Mozilla fixes Windows 10 NTFS corruption bug in Firefox.
06  Flash Player emulator lets you securely play your old games.
06  Google Chrome users should click this button now.
05  The Week in Ransomware – Data destruction.
05  Warning of increasing OAuth Office 365 phishing attacks.
05  Chrome sync feature can be used for C&C & data exfiltration.
05  Windows 10 updates cause Visual Studio, WPF app crashes.
05  Google kills The Great Suspender: here’s what to do next.
04  Google fixes Chrome zero-day actively exploited in the wild.
04  Facebook, Instagram, TikTok, & Twitter target resellers of hacked accounts.
04  Spotify suffers 2nd credential-stuffing attack in 3 months.
04  Win10 version 2004 is designated for broad deployment.
04  Fixed: PowerPoint crashes in Office February updates.
04  Android devices ensnared in DDoS botnet.
03  New Fonix ransomware decryptor can recover victim’s files.
03  Issue causing Windows 10 apps to forget passwords fixed.
03  Fifth and sixth-generation Surface Pro get firmware updates.
03  5 critical Android bugs patched, part of Feb. Security Bulletin.
03  Wind10 update fixes device deactivation, freezing issues.
02  Recent root-giving Sudo bug also impacts macOS.
02  The Office non-Security Updates have been released.
02  PowerToys version 0.31.1 is out with fixes & improvements.
02  Trickbot malware now maps victims’ networks using Masscan.
02  Web skimmers piggyback in ongoing Costway compromise.
02  Apple pulls iCloud 12 update from Microsoft Store.
01  Scammers posing as FBI agents threaten targets with jail time.

January 2021 (Click listings for more information).
31  This Week in Security – by Zack Whittaker.
31  Windows 10 features that boost your PC’s security & privacy.
30  Tasks for the weekend – by Susan Bradley.
30  Malicious Home Depot ad gets top spot in Google Search.
29  The Week in Ransomware – Striking back.
29  The Taxman Cometh for ID Theft Victims.
29  Windows Installer zero-day vulnerability gets micropatch.
29  How law enforcement’s Emotet malware module works.
28  USCellular hit by a data breach after hackers access CRM.
28  Google researcher discovers a new iOS security system.
28  New driver and firmware updates for the Surface Laptop 3.
28  DuckDuckGo enables Global Privacy Control by default.
28  Chrome blocks 7 more ports to stop NAT Slipstreaming attacks.
28  Optimise Facebook and Google account for Data Privacy Day.
27  Microsoft rolls out Application Guard for Office to 365 users.
27  Europol: Emotet malware will uninstall itself on March 25th.
27  Emotet botnet disrupted after global takedown operation.
26  Microsoft releases Windows 10 Intel CPU microcode updates.
26  Apple releases iOS 14.4, iPadOS 14.4, tvOS 14.4, & watchOS 7.3.
26  Firefox 85 adds supercookie protection, removes Flash support.
26  TikTok fixes flaws allowing theft of private user information.
25  Win10 NTFS corruption bug gets an unofficial temporary fix.
25  ProtonVPN antivirus conflicts cause Windows BSOD crashes.
25  Microsoft workaround for Win10 Conexant driver issues.
25  Warning about having the iPhone 12 close to pacemakers.
24  This Week in Security – by Zack Whittaker.
23  Tasks for the weekend – by Susan Bradley.
22  The Week in Ransomware – Calm before the storm.
22  Amazon Kindle RCE Attack Starts with an Email.
22  Bonobos clothing store data breach, 70GB database leaked.
22  Win10 KB4598298 update fixes crash and restart issues.
21  Preview updates released for Win10 versions 1909 & 1809.
21  Edge gets a password generator, leaked credentials monitor.
21  QNAP warning: secure NAS devices against Dovecat malware.
21  Google Forms set a baseline for widespread BEC attacks.
20  Microsoft shares how SolarWinds hackers evaded detection.
20  NVIDIA gamers face DoS, data loss from Shield TV bugs.
20  VLC Media Player fixes multiple remote code execution flaws.
20  Chrome now checks for weak passwords, helps fix them.
20  Hacker leaks database of 77 million Nitro PDF user records.
20  Better than the best password: Use 2FA to improve security.
20  Hacker posts 1.9 million Pixlr user records for free on forum.
20  List of DNSpooq vulnerability advisories, patches, & updates.
19  SolarWinds hackers accessed internal emails of Malwarebytes.
19  Google Chrome 88 released: RIP Flash Player & FTP support.
19  DNSpooq bugs let attackers hijack DNS on millions of devices.
19  How to secure your Google account and keep it safe.
19  Fourth malware strain discovered in SolarWinds incident.
17  This Week in Security – by Zack Whittaker.
17  WhatsApp delays take it or leave it privacy terms update.
17  Win10 bug causes a BSOD when opening a certain path.
16  Tasks for the weekend – by Susan Bradley.
16  Stolen credit card shop closes after making a fortune.
16  DuckDuckGo surpasses 100 million daily search queries.
16  Security update for Secure Boot DBX can be skipped.
15  The Week in Ransomware – Locking you up.
15  Signal confirms service outage, restoration efforts underway.
15  Windows Finger command used by phishing to push malware.
15  Linux Mint fixes screensaver bypass discovered by 2 kids.
15  Apple kills macOS feature allowing apps to bypass firewalls.
15  Google boots 164 apps from Play marketplace for shady ads.
14  Office security updates fix remote code execution bugs.
14  Switching to Signal? Turn on these security settings now.
14  Ring adds end-to-end encryption to quell security uproar.
14  Win10 bug corrupts your hard drive on seeing this file’s icon.
13  It’s finally over! Time to uninstall Adobe Flash Player.
13  Microsoft addresses issue breaking Win10 ‘Reset this PC’.
13  Secure Boot bug allowing Windows rootkit installation fixed.
12  Google reveals Windows and Android hacking operations.
12  Win10 Cumulative Updates KB4598229 & KB4598242 released.
12  Here’s what’s new for Windows 8.1 & 7 this Patch Tuesday.
12  Microsoft Patch Tuesday fixes 83 flaws, 1 zero-day.
12  January 2021 updates are here. – by Susan Bradley.
12  Adobe fixes 7 critical flaws, blocks Flash Player content.
11  Sysmon now detects malware process tampering attempts.
11  Networking giant alerts customers of a potential data breach.
11  Mac malware uses ‘run-only’ AppleScripts to evade analysis.
11  DarkSide ransomware decryptor recovers victims’ files.
11  Sealed U.S. court records exposed in SolarWinds breach.
11  The first Patch Tuesday of ‘21; time to delay updates.
10  This Week in Security – by Zack Whittaker.
09  Tasks for the weekend – by Susan Bradley.
08  The Week in Ransomware – January 8th – $150 million.
08  Surface Studio gets a firmware update to improve stability.
08  Microsoft fixes Win10 crash issue causing forced reboots.
08  NVIDIA fixes flaws affecting Windows & Linux devices.
08  Bugs in Firefox, Chrome, Edge allow remote system hijacking.
07  Encryption keys for Google Titan security keys at risk.
07  Nvidia warns Windows gamers of graphics driver flaws.
07   Windows PsExec zero-day vulnerability gets a micropatch.
07  Mozilla Releases Security Updates for Firefox.
07  Google Releases Security Updates for Chrome.
06  Firefox disabling backspace key to prevent data loss.
06  Phishing attack uses an odd lure to deliver trojan malware.
05  Russian state hackers likely behind SolarWinds hack.
05  Telegram triangulation pinpoints users’ exact locations.
05  Warning of critical Android remote code execution bug.
05  Microsoft Office updates fix Outlook crash issues.
05  January Office non-Security Updates are available.
05  ElectroRAT malware drains cryptocurrency wallets.
05  How to lock down your Microsoft account & keep it safe.
04  Malware uses WiFi BSSID for victim identification.
04  Solarwinds – What it means for Windows updates.
04  Slack suffers its first massive outage of 2021.
04  T-Mobile discloses its 4th data breach in 3 years.
03  This Week in Security – by Zack Whittaker.
03  Beware: PayPal phishing texts state your account is ‘limited’.
03  Chrome fixes antivirus ‘file locking’ bug on Windows 10.
02  Tasks for the weekend – by Susan Bradley.
01  The Week in Ransomware – New Year Edition.
01  Microsoft updates PowerToys to version 29.3 with fixes.